package com.demo.shiro;

import com.xiaoleilu.hutool.crypto.digest.DigestUtil;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

public class CredentialsMatcher extends SimpleCredentialsMatcher {

    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        SimpleAuthenticationInfo simpleAuthenticationInfo = (SimpleAuthenticationInfo) info;
        UsernamePasswordToken utoken = (UsernamePasswordToken) token;
        //获得用户输入的密码:(可以采用加盐(salt)的方式去检验)
        String inPassword = new String(utoken.getPassword());
        //获得数据库中的密码
        String dbPassword = (String) simpleAuthenticationInfo.getCredentials();
        // 获取数据库中的盐值
        String salt = new String(simpleAuthenticationInfo.getCredentialsSalt().getBytes());
        //进行密码的比对
        String inMd5Str = DigestUtil.md5Hex(inPassword+salt);
        return this.equals(inMd5Str, dbPassword);
    }

}